VIR Vulnerability Intelligence Relay

CVE-2020-15265

medium
Published 2020-11-13 · Modified 2023-12-06
CVSS v3
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v2
VIR risk
5.5

Description

In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.

Predictions

Exploit likelihood
30%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-15265

OS impact
OSVersionStatusFixed in
arch archfixed2.4.0rc4-1
debian debianforkyfixed0
debian debiansidfixed0

Package impact
EcosystemPackageVulnerableFixed
python PyPItensorflow<2.4.02.4.0
python PyPItensorflow-cpu<2.4.02.4.0
python PyPItensorflow-gpu<2.4.02.4.0
python PyPItensorflow<eccb7ec454e6617738554a255d77f08e60ee0808||<2.4.0eccb7ec454e6617738554a255d77f08e60ee0808
python PyPItensorflow-gpu<eccb7ec454e6617738554a255d77f08e60ee0808||<2.4.0eccb7ec454e6617738554a255d77f08e60ee0808
python PyPItensorflow-cpu<eccb7ec454e6617738554a255d77f08e60ee0808||<2.4.0eccb7ec454e6617738554a255d77f08e60ee0808

References

Verify integrity in audit chain (admin only). AS-IS.